Collaborate Disseminate
In general timing attacks are a manifestation of the implementation. So if I am processing data on the server or the client then I can leak information depending on how the code is written.
To prevent such vulnerabilities, … Continue reading Are there techniques or methods to develop security protocols without side channel attacks?
I have a PC that i only use for browsing the web. I do not have any problem with disabling any other services/protocols that does not affect web browsing.
I want to disable these unnecessary services (For example: Server Mess… Continue reading How to restrict my PC to browsing only for security reasons?
In a Windows domain environment, there are numerous protocols (SMB, LDAP, Webpages, RDP, FTP, etc.) that query against the same Windows based AD. Many of these protocols have their own overhead that takes time, or issues tha… Continue reading What’s the fastest protocol to target for password attacks
Within the OSI-Model, why is SQL considered to be a session layer “protocol”? Isn’t SQL a language and not a protocol at all?
Continue reading Why is SQL considered to be a session layer "protocol"?
Here’s a toy example of a game: the player is presented with N slot machines. They can click on each slot machine once, and when they do so, the slot machine rolls a random outcome (based on a predetermined set of outcomes an… Continue reading Is there any way to protect a client-side game from a hacked client?
Here’s a toy example of a game: the player is presented with N slot machines. They can click on each slot machine once, and when they do so, the slot machine rolls a random outcome (based on a predetermined set of outcomes an… Continue reading Is there any way to protect a client-side game from a hacked client?
There is plenty of software which allows a user to input a recipient’s information, and a fake-originator’s information, and the software will complete the caller ID spoof. I’m trying to understand why the telephony stack is … Continue reading Why is caller ID spoofing so simple, and catching offenders so hard?
I would like to encapsulate SignedData in EnvelopedData.
I am using BouncyCastle.
After looking in an example, I wrote something like this:
CMSSignedData signedData = gen.generate(new CMSProcessableByteArray(out.toByteArra… Continue reading Nested PKCS7 in BouncyCastle
In the Christmas spirit I read Cryptographic Secret Santa from MathOverflow, and then followed the link to another page titled Cryptographic Secret Santa.
On this latter page the author explains an algorithm he would use to assign Secret … Continue reading Secret Santa implementation that does not require a participant to trust the server
Many systems store secret or sensitive information in LDAP attributes. For example, IEC/TS 62351-8 prescribes storage of user tokens in LDAP.
Is it safe to store secret or sensitive information as an attribute in LDAP? Can L… Continue reading Is it safe to store secrets in LDAP?